Remediate-HybridJoinDrift.ps1
|
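<#PSScriptInfo
.VERSION 1.0
.GUID 3f4c1c0c-9b0e-4c7a-9d4e-2f0a8e7c1b22
.AUTHOR Mert Efe Kanlikilic
.DESCRIPTION A remediation script designed to fix Hybrid Join drift conditions on Intune and Entra-managed Windows devices.
#>

# Log file that every run appends to.
# NOTE(review): standard users can normally create folders under C:\ProgramData.
# If this script runs with elevated rights, confirm the folder's ACL so an
# unprivileged user cannot pre-create or redirect the log location.
$logPath = "C:\ProgramData\IntuneRemediations\HybridJoin.log"

# Create the log folder on first run; without it Add-Content fails and the
# log is silently lost.
$logDir = Split-Path -Path $logPath -Parent
if (-not (Test-Path -LiteralPath $logDir)) {
    New-Item -Path $logDir -ItemType Directory -Force | Out-Null
}

# Call dsregcmd by absolute path instead of relying on the PATH search.
# A 32-bit PowerShell host on 64-bit Windows is redirected away from the real
# System32, so the Sysnative alias is preferred when it is visible.
$dsregExe = Join-Path $env:SystemRoot 'System32\dsregcmd.exe'
$dsregSysnative = Join-Path $env:SystemRoot 'Sysnative\dsregcmd.exe'
if (Test-Path -LiteralPath $dsregSysnative) {
    $dsregExe = $dsregSysnative
}

# Appends a timestamped line to the log file and echoes the message to stdout.
#   $msg - text to record
function Write-Log {
    param ($msg)
    $time = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    $entry = "$time - $msg"
    Add-Content -Path $logPath -Value $entry
    Write-Output $msg
}

# Returns the value of the "AzureAdJoined" field from `dsregcmd /status`
# (for example "YES" or "NO"). Throws when the field is absent so the caller's
# catch block logs a meaningful message instead of a null-index error.
# NOTE(review): only AzureAdJoined is inspected; dsregcmd also reports
# DomainJoined -- confirm whether a hybrid-join check should require both.
function Get-JoinState {
    $dsreg = & $dsregExe /status | Out-String
    if ($dsreg -match 'AzureAdJoined\s*:\s*(\w+)') {
        return $Matches[1]
    }
    throw "AzureAdJoined field not found in dsregcmd /status output"
}

try {
    Write-Log "Starting Hybrid Join remediation"

    $currentState = Get-JoinState
    Write-Log "Current AzureAdJoined: $currentState"

    if ($currentState -eq "YES") {
        Write-Log "Already joined, no action needed"
        exit 0
    }

    # Try the scheduled task first (the preferred method).
    # The filter can match several tasks in the Workplace Join folder, so the
    # result is always handled as a list and narrowed to the Device-Join
    # task(s) when any are present.
    $candidates = @(Get-ScheduledTask | Where-Object {
        $_.TaskName -like "*Device-Join*" -or
        $_.TaskPath -like "*Workplace Join*"
    })
    $joinTasks = @($candidates | Where-Object { $_.TaskName -like "*Device-Join*" })
    if ($joinTasks.Count -eq 0) {
        $joinTasks = $candidates
    }

    if ($joinTasks.Count -gt 0) {
        Write-Log "Triggering scheduled task"
        foreach ($t in $joinTasks) {
            # One task per call: -InputObject is given a single object, and
            # -ErrorAction Stop routes a failed start to the catch block.
            Start-ScheduledTask -InputObject $t -ErrorAction Stop
            Write-Log "Started task: $($t.TaskPath)$($t.TaskName)"
        }
    }
    else {
        Write-Log "Scheduled task not found, using dsregcmd /join"
        & $dsregExe /join | Out-Null
        # Record the native exit code so a failed join attempt leaves a trace.
        Write-Log "dsregcmd /join exit code: $LASTEXITCODE"
    }

    # Give the join a moment to progress before re-checking.
    Start-Sleep -Seconds 15

    $newState = Get-JoinState
    Write-Log "Post-remediation AzureAdJoined: $newState"

    if ($newState -eq "YES") {
        Write-Log "Hybrid Join successful"
        exit 0
    }
    else {
        Write-Log "Hybrid Join not completed yet (may require time/network)"
        # Important: do not report failure here, because the join may finish
        # asynchronously. A device that never joins therefore also exits 0;
        # the log file is the only record of that state.
        exit 0
    }
}
catch {
    Write-Log "Remediation failed: $_"
    exit 1
}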